
Implement Smart Cards without RDS and/or Active Directory

  • 1.  Implement Smart Cards without RDS and/or Active Directory

    Posted Wed November 01, 2017 09:51 AM

    I am working with DOORS 9.6 and have a requirement to implement the use of smart cards (tokens) instead of the normal User/Password sign in. I will not have RDS and/or Active Directory available.

    I am having problems defining the DN in the User Management areas that can be recognized. I do see the token reader flashing during the login, but no results other than saying that the DN is not recognized. I do have EDIPI numbers available but each token can have several certificates on them.

    I hope that someone out there has successfully done this so I can gain some insight into this.

    Thank You in advance! 



  • 2.  RE: Implement Smart Cards without RDS (you need Active Directory)

    Posted Wed January 17, 2018 10:12 AM

    I found a solution for this!

    This is for DOORS 9.6 operating on a Windows environment.

    You do need to have Active Directory somewhere in the domain that is being used. This is how the smart card is used to first get into the domain and then the DOORS system in that domain.

    Since Smart Cards (Token) have been already implemented in the enterprise, I was able to use the existing Active Directory login and add specific information to the Admin and User areas of the system.

    1. First determine the actual Administrator of the overall instance (or database). This can be a designated user that has been granted System Access or have an entity (Service Name) developed so that a special token is issued for that entity and held by a designated System Admin (make sure you have at least two tokens made so that a designated backup user holds one).

    2. Sign in to the system as the instance Administrator.

    3. Go to Tools --> Options --> Security

    4. In the Keys box select Add and then enter a DN like: CN=Surname\, Firstname,OU=xxx,OU=xxx,DC=xxx,DC=xxx   (this is the AD path)

    5. Select "Apply"

    This has set up the Admin DN. This is critical for the Instance.

    Now set up the user account.

    1. Select Tools --> Manage Users

    2. Select a User and then Select "Edit"

    3. Select "Keys"

    4. Select the "Add" Button

    5. Enter the DN for the user. This will be the AD path like the Admin entered earlier.

    6. Hit "OK" and then Apply.

    The User is now set up.

    The next will be done at the Command Line level to implement the two factor authentication.

    1. Go to the directory of DOORS and find the path to the DOORS Bin Folder

    2. Enter: dbadmin -d Instance/port number@server name -useOSUserauthentication

    If you need to back out use: -DoNotUseOSUserauthentication

     

    On the client side (in the shortcut "Target") simply add -osUser to the existing string.

     

    Now, two factor authentication (smart card/token) is active. The users will be directed to the proper DOORS instance with the permissions assigned when creating the account for that user.
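
An added example, not part of the original post and not DOORS code: a small Python check for a DN string of the form shown in step 4, run before the DN is typed into the Keys box. It splits only on unescaped commas and flags two easy mistakes with that format, an unescaped comma inside the CN and a missing comma between components; the attribute list and the sample DNs are constructed assumptions.

```python
import re

# Attribute types assumed for an AD-style DN like the one in step 4.
ATTR = re.compile(r"^(CN|OU|DC|O|L|ST|C)=", re.IGNORECASE)

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair, e.g. "\," in a CN
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur).strip())
    return parts

def check_dn(dn):
    """Return a list of problems; an empty list means no problem was found."""
    problems = []
    for rdn in split_rdns(dn):
        if not ATTR.match(rdn):
            problems.append(f"not attr=value (unescaped comma?): {rdn!r}")
            continue
        value = rdn.split("=", 1)[1]
        if not value:
            problems.append(f"empty value: {rdn!r}")
        # Heuristic: a second attr= inside a value suggests a missing comma.
        elif re.search(r"(CN|OU|DC)=", value, re.IGNORECASE):
            problems.append(f"missing comma between components: {rdn!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample DNs (placeholder names and domain).
    samples = [
        r"CN=Doe\, Jane,OU=Users,OU=Site,DC=example,DC=test",
        r"CN=Doe, Jane,OU=Users,OU=Site,DC=example,DC=test",
        r"CN=Doe\, Jane,OU=Users,OU=Site,DC=exampleDC=test",
    ]
    for s in samples:
        print(s, "->", check_dn(s) or "OK")
```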